Documentation Center

Setting Up Client Certificate Authentication for Contenta Web

After you configure Tomcat and the web server to support PKI authentication, Contenta Web and Contenta Server setup is required to implement client certificate authentication for Contenta Web.

Procedure

  1. Set the value of value of the XYE_PDM_AUTHENTICATION system variable from its default of INTERNAL for Contenta Web and Contenta Server as follows:
    • In a Windows environment, set the value of XYE_PDM_AUTHENTICATION to EXTERNAL_CERT_AUTH in the following registry keys:
      • Windows Contenta Web Registry Key: HKLM\Software\Wow6432Node\XyEnterprise\Content@\Web\Settings
      • Windows Contenta Server Registry Key: HKLM\Software\Wow6432Node\XyEnterprise\Content@ Server\3.0
    • In a Linux environment, do one of the following:
      • Configure the cw.cshrc (Contenta Web) and pdm.cshrc (Contenta Server) files with the value EXTERNAL_CERT_AUTH and re-source these files before restarting Apache HTTPD and Apache Tomcat OR
      • Update the XYE_PDM_AUTHENTICATION key in unixuser.dat to EXTERNAL_CERT_AUTH. For example:

        ./fileregedit update "{Local Machine}" "/Software/XyEnterprise/Content@/Web/Settings" XYE_PDM_AUTHENTICATION STRING EXTERNAL_CERT_AUTH

  2. Configure the trust key between Contenta Server and Contenta Web by using the Contenta Password Manager utility (dbpwdmgr.exe) on both systems. For further information about the utility, see Using the Contenta Password Utility in this documentation.
  3. Restart Apache HTTPD, Apache Tomcat, and Contenta Server for these changes to go into effect.
  4. For each Contenta Web desktop:
    1. Obtain and install a public key certificate in the client browser.
    2. Import the client certificate into the browser Java certificate store using the Java Control Panel.
    3. Set the path to the login screen to the location of the CWSSOLogin.jsp form.
    4. Configure the External User Id to match the user's Common Name (CN) in the certificate.